Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: AIX sendmail and tls
Operating Systems AIX AIX sendmail and tls Post 302943258 by Linusolaradm1 on Wednesday 6th of May 2015 10:22:40 PM
Old 05-06-2015
AIX sendmail and tls
The situation

Code:
Version AIX7.1/8.14.4
 Compiled with: DNSMAP LDAPMAP LDAP_REFERRALS LOG MAP_REGEX MATCHGECOS
                MILTER MIME7TO8 MIME8TO7 NAMED_BIND NDBM NETINET NETINET6
                NETUNIX NEWDB NIS NISPLUS PIPELINING SCANF STARTTLS USERDB
                USE_LDAP_INIT XDEBUG

Code:
  openssl.base             1.0.1.513    CE    F    Open Secure Socket Layer

I configure sendmail for use tls

Code:
divert(0)dnl
VERSIONID(`Mustafar')
OSTYPE(aixsample)dnl
DOMAIN(`generic')dnl
define(`_X400_UUCP_')dnl
define(`_MASQUERADE_ENVELOPE_')dnl
define(`MASQUERADE_NAME')dnl
define(`confTRY_NULL_MX_LIST',`T')dnl
define(`LUSER_RELAY',`name_of_luser_relay')dnl
define(`DATABASE_MAP_TYPE',`dbm')dnl
define(`_CLASS_U_')dnl
define(`LOCAL_RELAY')dnl
define(`MAIL_HUB')dnl
TRUST_AUTH_MECH(`GSSAPI DIGEST-MD5')dnl
FEATURE(always_add_domain)dnl
FEATURE(access_db)dnl
MAILER(local)dnl
MAILER(smtp)dnl
MAILER(uucp)dnl
define(`SMART_HOST', `posta.server.local')
define(`confCACERT_PATH', `/etc/mail/certs')dnl
define(`confCACERT', `/etc/mail/certs/server.crt')dnl
define(`confSERVER_CERT', `/etc/mail/certs/ibmunix.server.crt')dnl
define(`confSERVER_KEY', `/etc/mail/certs/ibmunix.server.key')dnl
define(`confCLIENT_CERT', `/etc/mail/certs/ibmunix.server.crt')dnl
define(`confCLIENT_KEY', `/etc/mail/certs/ibmunix.server.key')dnl
define(`confRAND_FILE',`egd:/dev/random')dnl
define(`TLS_VERSION',`TLSV1')dnl
define(`confLOG_Level', `16')

I can receive mail from other server(all with tls)
but if try to send an email from this server

Code:
May  7 03:31:57 ibmunix mail:warn|warning sendmail[13303906]: STARTTLS=client, error: connect failed=-1, SSL_error=1, errno=0, retry=-1
May  7 03:31:57 ibmunix mail:warn|warning sendmail[13303906]: STARTTLS=client: 13303906:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:593:
May  7 03:31:57 ibmunix mail:notice sendmail[13303906]: ruleset=tls_server, arg1=SOFTWARE, relay=posta.server.local, reject=403 4.7.0 TLS handshake failed.

The other servers are configure for allow TLS only,no ssl3
but i try also with ssl3 server,same error.
Any suggestion?
Thanks
 

10 More Discussions You Might Find Interesting

1. AIX

How to configure sendmail for AIX 5.3

Hello All, I am very new to this sendmail thing. I need to set up AIX servers with sendmail service to get emails in my corporate email address. All I am asked to do is use SMTP gateways (already in place) for using sendmail. thanks in advance (0 Replies)
Discussion started by: solaix14
0 Replies

2. UNIX for Dummies Questions & Answers

Implementing TLS with Sendmail and having problem with cert request

Hi. One of my company's customers requires mails to be sent to them to use TLS. Thanks to some good documentation on the web, I've got this mostly figured out, but now I'm stuck at generating the CSR. My company's mail domain is sg.bunny.com (not real address, obviously), but the email gateway... (0 Replies)
Discussion started by: pierreery
0 Replies

3. AIX

AIX sendmail configuration

I want to configure sendmail on AIX 4 and 5 to send emails to a windows SMTP proxy server for distribution. Mail would be going from AIX to Windows but any return emails would be sent not AIX but to a default Windows return address. What variables in the AIX sendmail.cf file would need to be... (1 Reply)
Discussion started by: rahe
1 Replies

4. AIX

Problems with sendmail on AIX

hi, i got this error, i have no idea where to start.. anyone please??? Warning: .cf file is out of date: sendmail AIX5.3/8.13.4 supports version 10, .c f file is version 9 WARNING: local host name (BAANPRO) is not qualified; see cf/README: WHO AM I? Running /var/spool/mqueue/o3CBj3np1138768... (3 Replies)
Discussion started by: fdeivis
3 Replies

5. AIX

sendmail on AIX

Hi, Is sendmail required to read local mail for root user on AIX? I shutdown sendmail daemon and sent a test mail to root and I got it. I don't know if I'm missing something here. Thanks regards Israel. (1 Reply)
Discussion started by: iga3725
1 Replies

6. HP-UX

Sendmail TLS and Certificate?

We are running HP-UX 11v1 and are about to upgrade sendmail to 8.13.3 to allow support for TLS. Enabling TLS seems pretty straightforward, but I'm wondering if an SSL certificate is required for this. Our MS Exchange server does use a certificate. Do I need to arrange for a public certificate to... (3 Replies)
Discussion started by: jduehmig
3 Replies

7. UNIX for Dummies Questions & Answers

Problems with Sendmail AUTH and TLS

Greetings. I desperately need help to get my sendmail configuration working again. I followed this guide: Unmemorable Memories » Blog Archive » Enabling SMTP-AUTH for Sendmail on Debian Linux 3.1 to enable TLS and AUTH in sendmail and now I get an error I just cannot find any information... (1 Reply)
Discussion started by: Mr.Glaurung
1 Replies

8. AIX

AIX LDAP client authenticate against Linux Openldap server over TLS/SSL

Hi folks, How can i configure an AIX LDAP client to authenticate against an Linux Openldap server over TLS/SSL? It works like a charm without TLS/SSL. i would like to have SSL encrypted communication for ldap (secldapclntd) and ldapsearch etc. while accepting every kind of certificate/CA.... (6 Replies)
Discussion started by: paco699
6 Replies

9. Solaris

How to configure CUPS on Solaris 11.3 - TLS and no TLS?

We are implementing CUPS on a new Solaris 11.3 system. The same system will run an application where users can print to networked printers inside our organisation, or to a printer outside of our organisation over the internet. For users printing to internal network printers, no encryption is... (0 Replies)
Discussion started by: SallyB
0 Replies

10. AIX

Unable to establish connection over TLS 1.2 on AIX 7.1/7.2

Hello Team, I would need your help to enable communication over TLS1.2 on AIX 7.1 or 7.2 with IBM JDK 1.8 latest update. By default, the request is trying to establish a connection over TLSv1 even though TLS 1.2 is explicitly enabled on server as well as on Java 8. The openssl command throws... (4 Replies)
Discussion started by: Naina2019
4 Replies

LEARN ABOUT CENTOS

pmdasendmail

PMDASENDMAIL(1) 					      General Commands Manual						   PMDASENDMAIL(1)

NAME

       pmdasendmail - sendmail performance metrics domain agent (PMDA)

SYNOPSIS

       $PCP_PMDAS_DIR/sendmail/pmdasendmail [-d domain] [-l logfile] [-U username]

DESCRIPTION

       pmdasendmail is a sendmail Performance Metrics Domain Agent (PMDA) which exports mail traffic statistics as collected by sendmail(1).

       Before  the  sendmail PMDA can export any metrics, sendmail(1) must have statistics collection enabled.	This involves checking the name of
       the statistics file, as given by the OS or O StatusFile control lines in /etc/sendmail.cf, and then creating  this  file  if  it  does  not
       already exist.  Removing the file will terminate statistics collection by sendmail(1) and hence the sendmail PMDA.

       A brief description of the pmdasendmail command line options follows:

       -d   It	is  absolutely crucial that the performance metrics domain number specified here is unique and consistent.  That is, domain should
	    be different for every PMDA on the one host, and the same domain number should be used for the same PMDA on all hosts.

       -l   Location of the log file.  By default, a log file named sendmail.log is written in the current directory of pmcd(1) when  pmdasendmail
	    is	started,  i.e.	 $PCP_LOG_DIR/pmcd.  If the log file cannot be created or is not writable, output is written to the standard error
	    instead.

       -U   User account under which to run the agent.	The default is the unprivileged "pcp" account in current versions of  PCP,  but  in  older
	    versions the superuser account ("root") was used by default.

       There are no communication options, as the Install script ensures the sendmail PMDA will be connected to PMCD by a pipe.

INSTALLATION

       If you want access to the names, help text and values for the sendmail performance metrics, do the following as root:

	    # cd $PCP_PMDAS_DIR/sendmail
	    # ./Install

       If you want to undo the installation, do the following as root:

	    # cd $PCP_PMDAS_DIR/sendmail
	    # ./Remove

       pmdasendmail is launched by pmcd(1) and should never be executed directly.  The Install and Remove scripts notify pmcd(1) when the agent is
       installed or removed.

FILES

       $PCP_PMCDCONF_PATH
		 command line options used to launch pmdasendmail
       $PCP_PMDAS_DIR/sendmail/help
		 default help text file for the sendmail metrics
       $PCP_PMDAS_DIR/sendmail/Install
		 installation script for the pmdasendmail agent
       $PCP_PMDAS_DIR/sendmail/Remove
		 undo installation script for the pmdasendmail agent
       $PCP_LOG_DIR/pmcd/sendmail.log
		 default log file for error messages and other information from pmdasendmail
       /etc/sendmail.cf
		 sendmail configuration file to identify the name of the statistics file

PCP ENVIRONMENT

       Environment variables with the prefix PCP_ are used to parameterize the file and directory names used by PCP.  On  each	installation,  the
       file  /etc/pcp.conf contains the local values for these variables.  The $PCP_CONF variable may be used to specify an alternative configura-
       tion file, as described in pcp.conf(5).

SEE ALSO

       pmcd(1) and sendmail(1).

Performance Co-Pilot							PCP							   PMDASENDMAIL(1)
All times are GMT -4. The time now is 08:22 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy